PT-2025-52514 · Esri · Arcgis Web Appbuilder Developer Edition
Published
2025-12-19
·
Updated
2025-12-19
·
CVE-2025-67712
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30
Description
An HTML injection issue exists in Esri ArcGIS Web AppBuilder developer edition that could allow a remote, unauthenticated attacker to cause arbitrary HTML to render in a victim's browser by enticing a user to click a link. The impact is limited as there is no evidence of JavaScript execution. The ArcGIS Web AppBuilder developer edition is retired and unsupported.
Recommendations
Update to version 2.30 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arcgis Web Appbuilder Developer Edition